4 matches found
EUVD-2021-34744
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715
Hasura GraphQL Engine 1.3.3 is exposed to a server-side request forgery via the add_remote_schema endpoint. The underlying issue allows injection of arbitrary remote schema URLs by crafting POST requests to /v1/query, potentially enabling access to internal network resources. Affected component: ...
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...